Internet of Things security camera sends customers' video feed to someone else

Shelan Faith has an internet-enabled home "security" system from Vivint Home Security; it includes cameras that spy on the interior and exterior of her home, as well as sensors that report on things like when her doors and garage are open or closed.

Last week, a stranger mailed Faith a letter to inform her that they, the stranger, had full access to the AV and telemetry from her home; they were also Vivint Home Security customers and Vivint was leaking their data.

The stranger had spoken to Vivint, but the company had failed to address the problem. When Faith contacted the company about the letter, they initially refused to believe her. They told her she'd owe them thousands of dollars if she canceled her contract. The company now says the issue's been resolved and "we are updating our processes to make sure it can't happen again."

Vivint said the same thing in 2012, when another customer tried to cancel his service because his feeds were being exposed to other customers. Vivint also tried to charge that customer thousands to get out of his contract.

The spokesperson told CBC News the security system requires an email invitation to connect, but a technician used their own email account to connect the system for a customer who did not have an email account.

They said the two systems were accidentally connected when the technician went to the next installation.

The spokesperson said the technician felt "terrible" about the incident.

'I'm looking out your front door': Stranger had access to homeowner's security cameras [Alicia Bridges/CBC]